2b30b55d6a5b71648296873b570b9d68b4901b6a
galt
  Wed Feb 15 02:21:56 2017 -0800
CSP code cleanup. Using jsInlineF where needed for compact and efficient code, not using fixed-size local javascript strings which could overflow.

diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index 40d5d06..0d6168d 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -316,46 +316,42 @@
 char *cgiDir = cgiScriptDirUrl();
 char returnTo[2048];
 if (!returnURL || sameString(returnURL,""))
    safef(returnTo, sizeof(returnTo),
         "http%s://%s%shgSession?hgS_doMainPage=1",
         cgiAppendSForHttps(), hgLoginHost, cgiDir);
 else
    safecpy(returnTo, sizeof(returnTo), returnURL);
 return cloneString(returnTo);
 }
 
 void returnToURL(int delay)
 /* delay for delay mill-seconds then return to the "returnto" URL */
 {
 char *returnURL = getReturnToURL();
-char javascript[1024];
-safef(javascript, sizeof javascript,
+jsInlineF(
     "function afterDelay() {window.location = '%s';}\n"
     "window.setTimeout(afterDelay, %d);\n"
     , returnURL, delay);
-jsInline(javascript);
 }
 
 static void redirectToLoginPage(char *paramStr)
 /* redirect to hgLogin page with given parameter string */
 {
-char javascript[1024];
-safef(javascript, sizeof javascript,
+jsInlineF(
     "window.location ='%s?%s'"
     , hgLoginUrl, paramStr);
-jsInline(javascript);
 }
     
 void  displayActMailSuccess()
 /* display Activate mail success box */
 {
 char *returnURL = getReturnToURL(); 
 hPrintf(
     "<div id=\"confirmationBox\" class=\"centeredContainer formBox\">"
     "\n"
     "<h2>%s</h2>", brwName);
 hPrintf(
     "<p id=\"confirmationMsg\" class=\"confirmationTxt\">A confirmation email has been sent to you. \n"
     "Please click the confirmation link in the email to activate your account.</p>"
     "\n"
     "<p><a href=\"%s\">Return</a></p>", returnURL);
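Review bot: `returnURL` in returnToURL and `paramStr` in redirectToLoginPage are formatted straight into a single-quoted JavaScript string literal, so a quote, backslash or newline in either value ends the literal and the rest is parsed as script; switching from safef to jsInlineF removes the length limit but not this. Unless jsInlineF escapes its arguments (its definition is not in this diff), encode each value for a JavaScript string literal before formatting. Because `returnURL` appears to be copied from a caller-supplied value in the function above, it should also be checked against the hosts the site is willing to redirect to. The `user=%s` call in the hunk at -506 has the same exposure, and there `username` should additionally be URL-encoded as a query component, e.g. `cgiEncode(username)`. The function holding the first lines of this hunk starts above it, and displayActMailSuccess continues past its end.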
@@ -441,35 +437,33 @@
 int result;
 result = mailViaPipe(email, subject, msg, returnAddr);
 if (result == -1)
     {
     hPrintf( 
         "<h2>%s</h2>", brwName);
     hPrintf(
         "<p align=\"left\">"
         "</p>"
         "<h3>Error emailing %s to: %s</h3>"
         "Click <a href=%s?hgLogin.do.displayAccHelpPage=1>here</a> to return.<br>", 
         hgLoginUrl, obj, email );
     }
 else
     {
-    char javascript[1024];
-    safef(javascript, sizeof javascript,
+    jsInlineF(
         "window.location = '%s?hgLogin.do.displayMailSuccess=1'"
         , hgLoginUrl);
-    jsInline(javascript);
     }
 }
 
 void mailUsername(char *email, char *users)
 /* send user name list to the email address */
 {
 char subject[256];
 char msg[4096];
 char *remoteAddr=getenv("REMOTE_ADDR");
 
 safef(subject, sizeof(subject),"Your user name at the %s", brwName);
 safef(msg, sizeof(msg), 
     "  Someone (probably you, from IP address %s) has requested user name(s) associated with this email address at the %s: \n\n  %s\n\n%s\n%s", 
    remoteAddr, brwName, users, signature, returnAddr);
 sendMailOut(email, subject, msg);
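Review bot: In the `result == -1` branch the arguments of the second hPrintf do not line up with its format string. The text reads as "Error emailing <item> to: <address>" followed by the link target, but `hgLoginUrl, obj, email` is passed, so the heading prints the login URL and the `href` receives the e-mail address. Move the URL last, `obj, email, hgLoginUrl );`. Since `email` is presumably user-supplied, also HTML-escape it before printing and put the `href` value in quotes. The same call is carried unchanged in the hunk at -506, and the enclosing function starts above this hunk.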
@@ -506,35 +500,33 @@
 int result;
 result = mailViaPipe(email, subject, msg, returnAddr);
 if (result == -1)
     {
     hPrintf(
         "<h2>%s</h2>", brwName);
     hPrintf(
         "<p align=\"left\">"
         "</p>"
         "<h3>Error emailing %s to: %s</h3>"
         "Click <a href=%s?hgLogin.do.displayAccHelpPage=1>here</a> to return.<br>",
         hgLoginUrl, obj, email );
     }
 else
     {
-    char javascript[1024];
-    safef(javascript, sizeof javascript,
+    jsInlineF(
         "window.location = '%s?hgLogin.do.displayMailSuccessPwd=1&user=%s'"
         , hgLoginUrl, username);
-    jsInline(javascript);
     }
 }
 
 void sendNewPwdMail(char *username, char *email, char *password)
 /* send user new password */
 {
 char subject[256];
 char msg[4096];
 char *remoteAddr=getenv("REMOTE_ADDR");
 
 safef(subject, sizeof(subject),"New temporary password for your account at the %s", brwName);
 safef(msg, sizeof(msg),
     "  Someone (probably you, from IP address %s) requested a new password for the %s (%s). A temporary password for user \"%s\" has been created and was set to \"%s\". If this was your intent, you will need to log in and choose a new password now. Your temporary password will expire in 7 days.\n\n  If someone else made this request, or if you have remembered your password, and you no longer wish to change it, you may ignore this message and continue using your old password.\n\n%s\n%s",
     remoteAddr, brwName, brwAddr, username, password, signature, returnAddr);
 sendPwdMailOut(email, subject, msg, username);